Service-managed stack import for CloudFormation StackSets
The Amazon CloudFormation stack import operation can import existing stacks into new or existing stack sets, so that you can migrate existing stacks to a stack set in one operation. StackSets extends the functionality of stacks, so you can create, update, or delete stacks across multiple accounts and Regions with a single operation.
Considerations for service-managed stack imports
-
The stack import operation requires a management account or delegated admin account in which you can manage the associated Amazon Organizations such as enabling trust access with StackSets.
-
The target accounts must be members of the Amazon Organizations managed by the management account or delegated admin account.
-
Target stack exists in one of the target OUs.
-
The target account should be a member of Amazon Organizations.
-
Amazon Organizations access should be in the
ACTIVATED
state for the Organizations. -
Stacks being imported should be present in any of the member accounts, and not the management account.
Topics
Import a service-managed stack into a new stack set (console)
Import a stack into a new stack set using the Amazon Web Services Management Console
To import a new stack into a stack set, identify a stack that contains the resource you want to import.
Sign in to the Amazon Web Services Management Console and open the Amazon CloudFormation console at https://console.amazonaws.cn/cloudformation
. -
From the navigation pane, choose StackSets.
-
At the top of the StackSets page, choose Create StackSet.
-
On the Choose a template page, do the following:
-
For StackSet permission model choose Service-managed permissions.
-
For Prerequisite - Prepare template, choose Template is ready, and choose your template by using one of the following options:
-
For Amazon S3 URL, enter your Amazon S3 URL in the Amazon S3 URL field.
-
For Upload a template file, choose a CloudFormation template on your local computer.
-
Accept your settings and choose Next.
-
-
On the Specify StackSet details page, do the following:
-
Enter a stack set name in the StackSet name box.
-
(Optional) Enter a description in the StackSet description section.
On the Configure StackSet options page, review your choices and choose Next.
-
-
On the Set deployment options page, do the following:
-
For Add stacks to stack set, choose Import stacks to stack set.
-
For Stacks to import, choose your stack import method.
-
For Stack ID enter your stack ID.
-
For Stack URL enter the Amazon S3 URL.
-
-
-
Under Associate organizational units, do the following:
-
Choose Associate with organization to use root OU.
-
Choose Associate with organizational units (OUs) to enter parent OU IDs for the stacks to import. For example, if
Stack 1
andStack 2
are underOU1
, andStack 3
is underOU2
, enterOU1
andOU2
.
Accept your settings and choose Next.
-
-
Review your settings on the Review page and choose Submit.
Create and import a service-managed stack into an existing stack set (console)
To import an existing stack into a new stack set, identify a stack that contains the resource you want to import.
To create a stack set and import a stack
Sign in to the Amazon Web Services Management Console and open the Amazon CloudFormation console at https://console.amazonaws.cn/cloudformation
. -
From the navigation pane, choose StackSets.
-
At the top of the StackSets page, choose Create StackSet.
-
On the Choose a template page, do the following:
-
For StackSet permission model choose Service-managed permissions.
-
For Prerequisite - Prepare template, choose Template is ready, and choose your template by using one of the following options:
-
For Amazon S3 URL, enter your Amazon S3 URL in the Amazon S3 URL field.
-
For Upload a template file, choose a CloudFormation template on your local computer.
-
Accept your settings and choose Next.
-
-
On the Specify StackSet details page, do the following:
-
Enter a stack set name in the StackSet name box.
-
(Optional) Enter a description in the StackSet description section.
On the Configure StackSet options page, review your choices and choose Next.
-
-
On the Set deployment options page, do the following:
-
For Add stacks to stack set, choose Deploy new stacks.
-
-
For the Associate organizational units section, do the following:
-
Choose Associate with organization to use root OU.
-
Choose Associate with organizational units (OUs) to enter parent OU IDs for the stacks to import. For example, if
Stack 1
andStack 2
are underOU1
, andStack 3
is underOU2
, enterOU1
andOU2
.
-
-
For Specify regions and Deployment options, review your choices.
Accept your settings and choose Next.
-
Review your settings on the Review page and choose Submit.
Import a service-managed stack into an existing stack set (console)
Choose your stack set and identify the stack you want to import.
To import a stack to an existing stack set
Sign in to the Amazon Web Services Management Console and open the Amazon CloudFormation console at https://console.amazonaws.cn/cloudformation
. -
From the navigation pane, choose StackSets.
-
Choose the stack set you want to import a stack to, and then choose Add stacks to StackSet from the Actions drop-down.
-
On the Set deployment options page, do the following:
-
For Add stacks to stack set, choose Import stacks to stack set.
-
Under Stacks to import, do the following
-
For Stack ID, enter your stack ID.
-
For Stack URL, enter the Amazon S3 URL.
-
-
Under Associate organizational units, do the following:
-
Choose Associate with organization to use root OU.
-
Choose Associate with organizational units (OUs) to enter parent OU IDs for the stacks to import. For example, if
Stack 1
andStack 2
are underOU1
, andStack 3
is underOU2
, enterOU1
andOU2
.
Accept your settings and choose Next.
-
-
-
Review the Specify overrides page and choose Next.
-
Confirm and review the Review page and choose Submit.
Importing a service-managed stack into a stack set (Amazon CLI)
Once a stack set is created, you can import your stacks by passing the stack ID's of the stacks being imported. You may also pass the OU ID list to which you want to map it to.
StackSets will import user provided stacks within those OUs and use those OUs as
deployment targets for the stack sets. Stack IDs presented in the input will map to the nearest
OU in OU ID list input internally. If a stack doesn't belong to an existing OU ID in the input
list, then the Amazon CLI will return the StackNotFoundException
error.
The import-stacks-to-stack-set
operation creates stack instances for the
stacks in the OU ID input. The following Amazon CLI examples use the
import-stacks-to-stack-set
operation to import a stack into a stack set.
-
To use the
import-stacks-to-stack-sets
operation, specifystack-ids
orstack-ids-url
you want to import to your stack set.aws cloudformation import-stacks-to-stack-set \ --stack-set-name
ServiceMangedStackSet
\ --stack-ids "arn:123456789012:us-east-1:Stack1
" \ --organizational-unit-idsou-examplerootid111-exampleouid111
aws cloudformation import-stacks-to-stack-set \ --stack-set-name
ServiceMangedStackSet
\ --stack-ids-urlhttps://amzn-s3-demo-bucket.s3.us-west-2.amazonaws.com/file-name.json
\ --organizational-unit-idsou-examplerootid111-exampleouid111
Note
The import-stacks-to-stack-sets
operation, requires you to specify at least
one organizational unit ID (OU ID) so that it can associate the stack being imported to that
particular OU. This operation doesn't create stack instances for other member accounts in the
associated OUs. To update member accounts for the associated OUs, use
create-stack-instances
or update-stack-instances
.
create-stack-set
creates stack instances for all the accounts under the OUs
with a user provided template, either from direct upload or Amazon S3. The following Amazon CLI examples
use the create-stack-set
operation to import a stack into a new stack set.
-
To use the
create-stack-set
operation, specify your stack set name and import a stack to a newly created stack set.aws cloudformation create-stack-set \ --template-url
https://amzn-s3-demo-bucket.s3.us-west-2.amazonaws.com/file-name.json
\ --permission-model SERVICE_MANAGED \ --auto-deployment Enabled=true